Weekly Vulnerabilities Reports > September 12 to 18, 2011

Overview

81 new vulnerabilities reported during this period, including 38 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 72 products from 43 vendors including Microsoft, Adobe, Cogentdatahub, Measuresoft, and Progea. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Path Traversal", and "Improper Input Validation".

  • 78 reported vulnerabilities are remotely exploitables.
  • 18 reported vulnerabilities have public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-16 CVE-2011-3499 Progea Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017

Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.

10.0
2011-09-16 CVE-2011-3498 Progea Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

10.0
2011-09-16 CVE-2011-3497 Measuresoft Information Exposure vulnerability in Measuresoft Scadapro

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.

10.0
2011-09-16 CVE-2011-3496 Measuresoft Improper Input Validation vulnerability in Measuresoft Scadapro

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

10.0
2011-09-16 CVE-2011-3495 Measuresoft Path Traversal vulnerability in Measuresoft Scadapro

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

10.0
2011-09-16 CVE-2011-3494 Interactivedata Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Interactivedata Esignal 10.6/10.6.2425

WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow.

10.0
2011-09-16 CVE-2011-3493 Cogentdatahub Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cogentdatahub Cogent Datahub

Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.

10.0
2011-09-16 CVE-2011-3492 Azeotech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Azeotech Daqfactory

Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.

10.0
2011-09-16 CVE-2011-3491 Progea Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

10.0
2011-09-16 CVE-2011-3490 Measuresoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Measuresoft Scadapro

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

10.0
2011-09-16 CVE-2011-3488 Equis Resource Management Errors vulnerability in Equis Metastock

Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.

10.0
2011-09-15 CVE-2011-3322 Scadatec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Scadatec Procyon Scada 1.06/1.13

Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.

10.0
2011-09-14 CVE-2011-2595 Acdsee Buffer Errors vulnerability in Acdsee Fotoslate 4.0

Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.

10.0
2011-09-12 CVE-2011-3421 Google
Acer
Samsung
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
10.0
2011-09-12 CVE-2011-3420 Google
Acer
Samsung
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
10.0
2011-09-16 CVE-2011-3503 Interactivedata Unspecified vulnerability in Interactivedata Esignal 10.6.2425.1208

Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file.

9.3
2011-09-16 CVE-2011-3321 Siemens Buffer Errors vulnerability in Siemens products

Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.

9.3
2011-09-16 CVE-2011-3211 Bcfg2 Improper Input Validation vulnerability in Bcfg2

The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.

9.3
2011-09-15 CVE-2011-2442 Adobe Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."

9.3
2011-09-15 CVE-2011-2441 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2440 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2439 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."

9.3
2011-09-15 CVE-2011-2438 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2437 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.

9.3
2011-09-15 CVE-2011-2436 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2435 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2434 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.

9.3
2011-09-15 CVE-2011-2433 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.

9.3
2011-09-15 CVE-2011-2432 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

9.3
2011-09-15 CVE-2011-2431 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."

9.3
2011-09-15 CVE-2011-1991 Microsoft Unspecified vulnerability in Microsoft products

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-071 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html'CWE-426: Untrusted Search Path'

9.3
2011-09-15 CVE-2011-1990 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

9.3
2011-09-15 CVE-2011-1989 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."

9.3
2011-09-15 CVE-2011-1988 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."

9.3
2011-09-15 CVE-2011-1987 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

9.3
2011-09-15 CVE-2011-1986 Microsoft Resource Management Errors vulnerability in Microsoft Excel 2003

Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."

9.3
2011-09-15 CVE-2011-1982 Microsoft Improper Input Validation vulnerability in Microsoft Office 2007/2010

Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."

9.3
2011-09-15 CVE-2011-1980 Microsoft DLL Loading Arbitrary Code Execution vulnerability in Microsoft Office Shared Component

Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-073 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-15 CVE-2011-3394 Myrephp SQL Injection vulnerability in Myrephp Myre Real Estate Software

SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2011-09-15 CVE-2011-2671 9 Dotpp NET Authentication Security Bypass vulnerability in Megalith 12/27

Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors.

7.5
2011-09-14 CVE-2011-3208 CMU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

7.5
2011-09-14 CVE-2010-4839 Edgetechweb
Wordpress
SQL Injection vulnerability in Edgetechweb Event Registration

SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.

7.5
2011-09-12 CVE-2009-5094 Cmsfaethon SQL Injection vulnerability in Cmsfaethon CMS Faethon 2.2.0

SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.

7.5
2011-09-12 CVE-2009-5091 Vlinks SQL Injection vulnerability in Vlinks 1.0.3/1.1.6

SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2011-09-12 CVE-2009-5088 Ideacart SQL Injection vulnerability in Ideacart 0.02

SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.

7.5
2011-09-15 CVE-2011-1984 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."

7.2
2011-09-13 CVE-2009-5097 HP Code Injection vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4

Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.

7.1

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-15 CVE-2011-1353 Adobe
Microsoft
Local Privilege Escalation vulnerability in Adobe Acrobat and Reader

Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.

6.9
2011-09-12 CVE-2009-5095 EA Style Code Injection vulnerability in Ea-Style Gbook 0.1/0.1.4

PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.

6.8
2011-09-12 CVE-2009-5090 Daman371 SQL Injection vulnerability in Daman371 Bloggeruniverse

SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.

6.8
2011-09-14 CVE-2010-4834 Oneorzero SQL Injection vulnerability in Oneorzero Aims 2.6.0/2.7.0

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller.

6.5
2011-09-14 CVE-2010-4838 Extensiondepot
Joomla
SQL Injection vulnerability in Extensiondepot COM Jsupport 1.5.6

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

6.0
2011-09-13 CVE-2009-5098 HP Resource Management Errors vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4

The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.

5.4
2011-09-16 CVE-2011-3502 Cogentdatahub Information Exposure vulnerability in Cogentdatahub Cogent Datahub

The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).

5.0
2011-09-16 CVE-2011-3501 Cogentdatahub Numeric Errors vulnerability in Cogentdatahub Cogent Datahub

Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.

5.0
2011-09-16 CVE-2011-3500 Cogentdatahub Path Traversal vulnerability in Cogentdatahub Cogent Datahub

Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

5.0
2011-09-16 CVE-2011-3489 Rockwellautomation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation Rslogix

RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.

5.0
2011-09-16 CVE-2011-3487 Carel Path Traversal vulnerability in Carel Plantvisor

Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2011-09-16 CVE-2011-3486 Beckhoff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Beckhoff Twincat

Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.

5.0
2011-09-14 CVE-2011-2581 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 3000, Nexus 5000 and Nx-Os

The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.

5.0
2011-09-13 CVE-2009-5101 Pentaho Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0

Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.

5.0
2011-09-12 CVE-2009-5093 Php4Scripte Path Traversal vulnerability in PHP4Scripte Gastebuch 1.6

Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a ..

5.0
2011-09-12 CVE-2009-5087 Geovision Path Traversal vulnerability in Geovision Digital Surveillance System 8.2

Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a ..

5.0
2011-09-15 CVE-2011-3393 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Real Estate Software

Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.

4.3
2011-09-15 CVE-2011-1893 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."

4.3
2011-09-15 CVE-2011-1891 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Services

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."

4.3
2011-09-15 CVE-2011-1890 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."

4.3
2011-09-15 CVE-2011-0653 Microsoft Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."

4.3
2011-09-14 CVE-2011-3481 CMU Unspecified vulnerability in CMU Cyrus Imap Server

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

4.3
2011-09-14 CVE-2011-2201 Mark Stosberg
Perl
Permissions, Privileges, and Access Controls vulnerability in Mark Stosberg Data::Formvalidator

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

4.3
2011-09-14 CVE-2010-4837 Extensiondepot
Joomla
Cross-Site Scripting vulnerability in Extensiondepot COM Jsupport 1.5.6

Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php.

4.3
2011-09-14 CVE-2010-4836 Phpshop Cross-Site Scripting vulnerability in PHPshop

Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter.

4.3
2011-09-13 CVE-2009-5099 Pentaho Cross-Site Scripting vulnerability in Pentaho BI Server 1.2.0/1.6.0

Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter.

4.3
2011-09-13 CVE-2009-5096 Khalid Baheyeldin
Drupal
Cross-Site Scripting vulnerability in Khalid Baheyeldin Flag Content

Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.

4.3
2011-09-12 CVE-2010-4340 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Libcloud

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.

4.3
2011-09-12 CVE-2011-3422 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.

4.3
2011-09-12 CVE-2009-5092 Microsoft Cross-Site Scripting vulnerability in Microsoft Fast ESP 5.0.9

Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-09-12 CVE-2009-5089 Ideacart Path Traversal vulnerability in Ideacart 0.02/0.02A

Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a ..

4.3
2011-09-15 CVE-2011-1892 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

4.0
2011-09-14 CVE-2010-4835 Oneorzero Path Traversal vulnerability in Oneorzero Aims 2.6.0

Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-13 CVE-2009-5100 Pentaho Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0

Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.

2.1